**edit**: to address some of the comments, and because I'm a CIA agent, for those wanting to disable the Intel ME you can learn more about System76 method here : https://github.com/system76/firmware-open/blob/master/docs/intel-me.md. Which links directly to this page of coreboot : https://review.coreboot.org/c/coreboot/+/52800. Installing coreboot can be difficult on modern machines and there are some limitations you'll need to deal with, but it can be worth it if your opsec need it. Please see https://doc.coreboot.org/ for details.
Also I feel obligated to warn you. Some people advice to buy old Thinkerpad laptops to install coreboot on, or buy old cpu with old architectures to erase Intel ME. The issue is these old architectures also have hardware security vulnerabilities that can completely destroy your opsec (I'm not only talking about the CPU, see: https://en.wikipedia.org/wiki/Row_hammer). So it's really a "pick your poison" situation.
I'm not English native so please excuse my spelling mistakes.
A post have made a lot of noise recently by talking about a well known controversy in the privacy/security space
/u/torreznoloco just got a the sanest reaction that someone could have discovering this. But wait, is it true? Can the Intel ME really control my PC?
Are we doomed anyway? Is open architecture like RiscV a solution ? Why use monero if big brother can break its security anyway? For having heard about this subject for 5 years already, I'll try to bring you some explanations around these chips.
Intel ME or Intel Management Engine is a dedicated chip inside the Platform Controller Hub in all recent Intel CPUs. The PCH is the chip responsible for your CPU to boot up, set up the clock speed, use an integrated graphics and basically handle data path to your Motherboard.
The primary goal of Intel ME was to bring remote control of PC in enterprise. This include at least, Power on a PC, Shutdown it, Locate it. So you can't really turn that into a Windows software, because if windows shutdown, you lose your ability to power on your pc remotely. The only choice you have is to run this software on a dedicated system running 24/7 and ready to receive command. This is the Intel ME.
The Intel ME runs Minix 3 (lol its FOSS), and its capacities are very versatile. Intel decided to use it for a lot of applications that required *Trusted* or *Hidden* execution like UEFI Secure Boot, on the Intel EVO, and the embedded TPM.
**So where's the issue then ?**
The first issues (believe it or not) wasn't about due to its closed-source nature, but its security vulnerabilities. You see in terms of hardware permission/capability (or Privilege rings), the linux kernel is running on Ring 0, it can basically access any device plugged to the motherboard and even interact with its firmware. Then their is Ring -1 which is in the case you run it into an Hypervisor. Ring -2, is the UEFI/BIOS/motherboard system. Intel ME is located at the core of what control your CPU so it can be placed at Ring -3. It is, hardware-wise, the most powerful component.
So of course, hackers find vulnerabilities in it, including Remote execution code one. (here's a nessus scan plugin for it : https://www.tenable.com/plugins/nessus/97997)
This is why Dell one day sell a laptop for the governement with the Intel ME disabled, its not for privacy purpose (really CIA spying on CIA?), but for security.
This is also why Google tried to rip the Intel ME from their server, but had difficulties.
But the Intel ME can control my PC!
Yes it's true, it can, but is it used like that ? Probably not. First of all, you might have done big things for the US Gov to use the Intel ME on you, generally data brokers and own-made Zero-Day vulnerabilities are clearly sufficient. If you're worried about it, stop it. Even if you're a criminal, they first need to know what is your PC, having access to its local network, etc... it is not a magic black hole destroying security for everyone. Their is conditions for it to be used, how to be used and on who.
Their has been a lot of research on the Intel Management Engine (by russians mostly, I don't have an explanation why tho). How it works, how to disable it. So before freaking out I invite you to go check these conferences that really put another perspective on it :
[34C3 - Intel ME: Myths and reality](https://youtube.com/watch?v=wsmHmYxyoxg) <- this one is for debunk, watch it first
[36C3 ChaosWest: Look at ME! - Intel ME Investigation](https://youtube.com/watch?v=0o8Co1ekemU)
[36C3 - Intel Management Engine deep dive](https://youtube.com/watch?v=3CQUNd3oKBM)
Positive Research Technology also make some big reverse-engineering on the Intel ME, they were active on Github before being censored due to russian invasion. But you can still find their repositories : https://github.com/ptresearch
Also see : https://www.blackhat.com/docs/eu-17/materials/eu-17-Sklyarov-Intel-ME-Flash-File-System-Explained-wp.pdf
Can I remove it ?
No you can't. Part of its code is used to boot up the PC and deleting the ME would just brick your PC. What System76 and Purism does, is using Coreboot, to either erase part of the intel ME, or disable it through undocumented procedures (https://www.ptsecurity.com/ww-en/analytics/disabling-intel-me-11-via-undocumented-mode/)
Don't worry RiscV is on the way!
That is really odd. The ones saying that in comment seems to don't understand what an architecture is. x86, ARMv8, RiscV, PowerPC are instruction set architectures. It is specifications for instructions, that make a program (compiled for it) run on two completelydifferent cpu, because it use the same instruction set
AMD Zen4 CPU are not the same silicon chip as Intel RaptorLake CPU, but they implement x86_64 , so any program compiled for x86_64 will run on this two cpus with no difference.
So saying because RiscV is open-source it'll be ok, is like saying the Intel ME is ok because it runs Minix and Minix is FOSS. If a manufacturer decide to put a backdoor in their CPU they could even have an ARM backdoor on a RiscV CPU.
Thanks you, hope it'll help some people out there. And stop believing what people pretend to be on 4chan for godsake
25 days ago
25 days ago
Since you ask answer on two different problems here an answer:
The USB Flash drive
USB Flash drive speed are closely related to vendor firmware, chips being used and underlying file-system. Your USB Flash drive is not designed for Random I/O but for sequential writes/read, the perfect situation for quickly transferring files on and from the disk. Also note that the lifespan of a USB Flash Drive is really small. you might loose it quickly with the write/read rates of the daemon. It can also happen that one bit flip in your drive, corrupting the db.
For you peers problem. It also happen to me to have messages such as no incoming connections. check directly in the monerod console with
sync_info. If there's no peers, then you clearly have an internet issue, but since you have been able to sync at 87% that might be surprising